Nowadays, most organizations have begun to implement a Vulnerability Management Program (VMP), but implementing one is daunting. Most organizations realize they either have no true categorical ownership over systems or lack the authority to enforce remediation of identified vulnerabilities. Either way, it is time-consuming to establish and enforce a true VMP within many organizations.

What is a Vulnerability Management Program?

If you are new to implementing a VMP, you must first understand what vulnerability management is. It seems self-evident, but it is the management (life cycle) of identifying risks related to unpatched, misconfigured and unknown systems within an entity and implementing a remediation process for any identified risk.

Building and facilitating a culture with continuous collaboration between engineers and security forces is becoming the new philosophy in security, which is why I am stoked for this year’s Black Hat USA keynote speaker: Dino Dai Zovi, staff security engineer at Square.
“Every Security Team is a Software Team Now” promises to dive into the latest iteration of security operations as current security teams morph into in-house security software teams, delivering multi-vertical value through self-service platforms and tools.